diff --git a/backend/docker-entrypoint.sh b/backend/docker-entrypoint.sh
index b6c1b9f..5df605c 100644
--- a/backend/docker-entrypoint.sh
+++ b/backend/docker-entrypoint.sh
@@ -6,13 +6,28 @@ PUID=${PUID:-1000}
 PGID=${PGID:-1000}
 
 echo "[entrypoint] Starting with PUID=$PUID, PGID=$PGID"
+echo "[entrypoint] Running as user: $(id)"
+echo "[entrypoint] Mount info for /app/data:"
+mount | grep -E "/app|data" || echo "[entrypoint] No specific mount found"
 
 # Ensure data directory exists and has correct ownership
 mkdir -p /app/data
 echo "[entrypoint] Created /app/data"
 
-chown -R "$PUID:$PGID" /app/data
-echo "[entrypoint] Set ownership of /app/data to $PUID:$PGID"
+# Show current ownership before chown
+echo "[entrypoint] Before chown:"
+ls -la /app/data/
+
+# Try to chown - this may fail on bind mounts owned by different host user
+if chown -R "$PUID:$PGID" /app/data 2>&1; then
+    echo "[entrypoint] Set ownership of /app/data to $PUID:$PGID"
+else
+    echo "[entrypoint] WARNING: chown failed (bind mount may have different host ownership)"
+fi
+
+# Show ownership after chown attempt
+echo "[entrypoint] After chown:"
+ls -la /app/data/
 
 # Check if we can write to data directory
 if touch /app/data/.write-test 2>/dev/null; then
@@ -20,6 +35,7 @@ if touch /app/data/.write-test 2>/dev/null; then
     echo "[entrypoint] Write test passed"
 else
     echo "[entrypoint] ERROR: Cannot write to /app/data"
+    echo "[entrypoint] FIX: Run on host: sudo chown -R $PUID:$PGID <your-data-path>"
     ls -la /app/
     exit 1
 fi
diff --git a/docker-compose.yml b/docker-compose.yml
index 061bea2..ba634e5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -25,6 +25,10 @@ services:
       - /tmp:noexec,nosuid,size=64m
     cap_drop:
       - ALL
+    cap_add:
+      - CHOWN
+      - SETUID
+      - SETGID
     healthcheck:
       test: ["CMD", "node", "-e", "fetch('http://localhost:3000/health').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"]
       interval: 30s